LOG-5 Security Event Review

What is LOG-5 Security Event Review Control about?

Security event review is a vital part of enterprise monitoring. Each security alert event must be reviewed and tracked for remediation.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, as we haven’t used them.

Logging Tools

Zabbix

DataDog

ManageEngine

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version.

• N/A: No template recommendation

Control implementation

NOTE: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefits of automation.

For a manual implementation: 

Implement a review capability within the monitoring logging tool by tracking security event alert notifications for triage and remediation. It is up to each company to decide the format. Typically, it is expected for any alert notification to be logged into a ticket in which remediation activities are documented.

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Provide a screenshot of the review capability within the tool.
2. Provide an example of an alert received and its remediation.

Evidence example

For the suggested action, an example is provided below:

1. Provide a screenshot of the review capability within the tool.
   The following screenshot shows security event alerts.
   
2. Provide an example of an alert received.
   The following screenshot shows an email alert.
   
   
3. Provide an example of remediation for the received alert.
   The following screenshot shows the remediation in the form of a JIRA ticket or within the tool.